Alameda County, CA — July 23, 2025 — The Clorox Company and its subsidiary, Clorox Services Co., today filed a $380 million lawsuit in California state court against Cognizant Worldwide Ltd. and its New Jersey affiliate, Cognizant Technology Solutions US Corp. The complaint alleges that Cognizant enabled a “catastrophic” cyberattack on Clorox’s corporate network in August 2023 by handing over sensitive employee passwords to hackers without proper verification.
According to the partially redacted 19-page complaint, hackers gained unauthorized access by simply calling the Cognizant service desk and requesting login credentials. The complaint states that Cognizant’s support agents repeatedly reset passwords and changed account phone numbers without authenticating the callers, allowing cybercriminals to bypass multiple cybersecurity defenses within hours.
“This was not the result of sophisticated hacking,” the complaint reads. “The cybercriminal just asked, and Cognizant handed over the keys.”
The cyberattack severely disrupted Clorox’s operations, crippling its network and causing significant business interruptions. Clorox estimates compensatory damages of approximately $380 million, which includes over $49 million in remedial costs and extensive losses due to interrupted shipments.
The lawsuit asserts claims of breach of contract, breach of the covenant of good faith and fair dealing, gross negligence, and intentional misrepresentation. Clorox seeks compensatory and punitive damages, along with interest, attorney fees, and costs.
Mary Rose Alexander of Latham & Watkins LLP, counsel for Clorox, said, “Clorox entrusted Cognizant to safeguard its systems. Instead, Cognizant recklessly handed over access to a notorious cybercriminal group, ignoring established policies and standards. This failure is indefensible and directly responsible for the harm to Clorox’s business.”
Cognizant has not yet responded to requests for comment.
